
Marco Macchetti, Kudelski Group
Doctor of Engineering
About: 26 publications, 12,783 reads, 511 citations (since 2017)
Publications (26)
Fabrication process introduces some inherent variability to the attributes of transistors (in particular length, widths, oxide thickness). As a result, every chip is physically unique. Physical uniqueness of microelectronics components can be used for multiple security applications. Physically Unclonable Functions (PUFs) are built to extract the ph...
The present invention provides a solution to the problem of guaranteeing the integrity of software programs by encrypting all or part of each instruction of a program using a key based on all or part of one or a plurality of previous instructions, thus resulting in a different encryption key per instruction. The invention is applicable to software...
Data are converted between an unencrypted and an encrypted format according to the Rijndael algorithm, including a plurality of rounds. Each round is comprised of a fixed set of transformations applied to a two-dimensional array, designating states, of rows and columns of bit words. At least a part of the transformations are applied on a transposed...
The present invention provides a method for decrypting encrypted content transmitted from an operator to a plurality of users where said operator further provides security information allowing for the decryption of said content. The method has the advantage of satisfying the goal of providing the capability for detecting a fraudulent user who retra...
Cryptanalysis mainly has public algorithms as target; however cryptanalytic effort has also been directed quite successfully to block ciphers that contain secret components, typically S-boxes. Known approaches can only attack reduced-round variants of the target algorithms, AES being a nice example. In this paper we present a novel cryptanalytic at...
Since almost two decades, the block cipher IDEA has resisted an exceptional number of cryptanalysis attempts. At the time of writing, the best published attack works against 6 out of the 8.5 rounds (in the non-related-key attacks model), employs almost the whole codebook, and improves the complexity of an exhaustive key search by a factor of only t...
This paper explores the resistance of MOS Current Mode Logic (MCML) against attacks based on the observation of the power consumption. Circuits implemented in MCML, in fact, have unique characteristics both in terms of power consumption and the dependency of the power profile from the input signal pattern. Therefore, MCML is suitable to protect cry...
This paper introduces a hardware architecture for high speed network processors, focusing on support for quality of service in IPSec-dedicated systems. The effort is aimed at defining a secure system on chip environment, where the speed and security requirements are of utmost importance. In particular, a method is devised to introduce and support q...
This paper explores the resistance of MOS current mode logic (MCML) against differential power analysis (DPA) attacks. Circuits implemented in MCML, in fact, have unique characteristics both in terms of power consumption and the dependency of the power profile from the input signal pattern. Therefore, MCML is suitable to protect cryptographic hardw...
This paper presents a novel design methodology for the hardware implementation of non-linear bijective functions, commonly used in most symmetric-key cryptographic algorithms and known as substitution boxes (S-boxes). The proposed technique thwarts a particularly relevant class of side-channel attacks against cryptographic hardware, that of differe...
Symmetric-key block ciphers are often used to provide data confidentiality with low complexity, especially in the case of dedicated hardware implementations. IDEA NXT is a novel block cipher family, which has many interesting features and is targeted to multimedia streaming encryption. Different values can be assigned to the hardware architecture p...
In this paper we present an extension of the generalized linear equivalence relation, proposed in [7]. This mathematical tool can be helpful for the classification of non-linear functions $f : \mathbb{F}_p^m \to \mathbb{F}_p^n$ based on their cryptographic properties. It thus can have relevance in the design criteria for substitution boxes (S-boxes), the latter being co...
Hash functions are an important cryptographic primitive. They are used to obtain a fixed-size fingerprint, or hash value, of an arbitrary long message. We focus particularly on the class of dedicated hash functions, whose general construction is presented; the peculiar arrangement of sequential and combinational units makes the application of pipel...
In this paper we analyze and discuss the cryptographic robustness of key-dependent substitution boxes (KDSBs); these can be found in some symmetric-key algorithms such as Khufu, Blowfish, and the AES finalist Twofish. We analyze KDSBs in the framework of composite permutations, completing the theory developed by O'Connor. Under the basic assu...
In this paper we present effective small scale formulations of the Secure Hash Standard; we focus on the SHA-2 family of algorithms, introducing new compact instances baptized SHA-16, SHA-32, and SHA-64. These may be useful for computing hashes and Message Authentication Codes (MACs) on small platforms where only 8-bit processors are available, s...
In this paper we introduce the concept of generalized linear equivalence between functions defined over finite fields; this can be seen as an extension of the classical criterion of linear equivalence, and it is obtained by means of a particular geometric representation of the functions. After giving the basic definitions, we prove that the known equival...
After recalling the basic algorithms published by NIST for implementing the hash functions SHA-256 (384, 512), a basic circuit characterized by a cascade of full adder arrays is given. Implementation options are discussed and two methods for improving speed are exposed: the delay balancing and the pipelining. An application of the former is first g...
In this paper we present a novel methodology that can be used to design efficient hardware structures for a certain class of combinatorial functions. The methodology is primarily intended to achieve low-power synthesis of non-linear one-to-one functions on ASIC technology libraries and fits well for the synthesis of small cryptographic substitution...
An implementation of the hash functions SHA-256, 384 and 512 is presented, obtaining a high clock rate through a reduction of the critical path length, both in the Expander and in the Compressor of the hash scheme. The critical path is shown to be the smallest achievable. Synthesis results show that the new scheme can reach a clock rate well exceed...
The Advanced Encryption Standard (AES) contest, started by the U.S. National Institute of Standards and Technology (NIST), saw the Rijndael [13] algorithm as its winner [11]. Although the AES is fully defined in terms of functionality, it requires best exploitation of architectural parameters in order to reach the optimum performance on specific ar...
Modern networked embedded systems represent a growing market segment in which security is becoming an essential requirement. The Advanced Encryption Standard (AES) specification is becoming the default choice for such type of systems; however, a proper software implementation of AES is of fundamental importance in order to achieve significant perfor...
Rijndael is the winner algorithm of the AES contest; therefore it should become the most used symmetric-key cryptographic algorithm. One important application of this new standard is cryptography on smart cards. In this paper we present an optimisation of the Rijndael algorithm to speed up execution on 32-bits processors with memory constrain...